package eu.emi.security.authn.x509.helpers.pkipath;

import eu.emi.security.authn.x509.ProxySupport;
import eu.emi.security.authn.x509.RevocationParameters;
import eu.emi.security.authn.x509.StoreUpdateListener;
import eu.emi.security.authn.x509.ValidationError;
import eu.emi.security.authn.x509.ValidationErrorCode;
import eu.emi.security.authn.x509.ValidationErrorListener;
import eu.emi.security.authn.x509.ValidationResult;
import eu.emi.security.authn.x509.X509CertChainValidatorExt;
import eu.emi.security.authn.x509.helpers.crl.AbstractCRLCertStoreSpi;
import eu.emi.security.authn.x509.helpers.crl.SimpleCRLStore;
import eu.emi.security.authn.x509.helpers.trust.TrustAnchorStore;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

/* loaded from: input_file:eu/emi/security/authn/x509/helpers/pkipath/AbstractValidator.class */
public abstract class AbstractValidator implements X509CertChainValidatorExt {
    private TrustAnchorStore caStore;
    private AbstractCRLCertStoreSpi crlStore;
    protected BCCertPathValidator validator;
    private ProxySupport proxySupport;
    private RevocationParameters revocationMode;
    protected boolean disposed;
    protected Set<StoreUpdateListener> observers = new LinkedHashSet();
    protected Set<ValidationErrorListener> listeners = new LinkedHashSet();

    /* JADX INFO: Access modifiers changed from: protected */
    public synchronized void init(TrustAnchorStore trustAnchorStore, AbstractCRLCertStoreSpi abstractCRLCertStoreSpi, ProxySupport proxySupport, RevocationParameters revocationParameters) {
        this.disposed = false;
        if (trustAnchorStore != null) {
            this.caStore = trustAnchorStore;
        }
        if (abstractCRLCertStoreSpi != null) {
            this.crlStore = abstractCRLCertStoreSpi;
        }
        this.validator = new BCCertPathValidator();
        this.proxySupport = proxySupport;
        this.revocationMode = revocationParameters;
    }

    @Override // eu.emi.security.authn.x509.X509CertChainValidator
    public ValidationResult validate(CertPath certPath) {
        List<? extends Certificate> certificates = certPath.getCertificates();
        X509Certificate[] x509CertificateArr = new X509Certificate[certificates.size()];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            Certificate certificate = certificates.get(i);
            if (!(certificate instanceof X509Certificate)) {
                throw new IllegalArgumentException("Can validate only X509Certificate chains. Found instance of: " + certificate.getClass().getName());
            }
            x509CertificateArr[i] = (X509Certificate) certificate;
        }
        return validate(x509CertificateArr);
    }

    @Override // eu.emi.security.authn.x509.X509CertChainValidator
    public synchronized ValidationResult validate(X509Certificate[] x509CertificateArr) {
        ValidationResult validationResult;
        if (this.disposed) {
            throw new IllegalStateException("The validator instance was disposed");
        }
        try {
            validationResult = this.validator.validate(x509CertificateArr, this.proxySupport == ProxySupport.ALLOW, this.caStore.getTrustAnchors(), new SimpleCRLStore(this.crlStore), this.revocationMode.getCrlCheckingMode());
        } catch (CertificateException e) {
            validationResult = new ValidationResult(false, Collections.singletonList(new ValidationError(x509CertificateArr, -1, ValidationErrorCode.inputError, e.toString())));
        }
        if (!validationResult.isValid()) {
            processErrorList(validationResult.getErrors());
            if (validationResult.getErrors().size() == 0 && validationResult.getUnresolvedCriticalExtensions().size() == 0) {
                return new ValidationResult(true);
            }
        }
        return validationResult;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void processErrorList(List<ValidationError> list) {
        int i = 0;
        while (i < list.size()) {
            if (notifyListeners(list.get(i))) {
                list.remove(i);
                i--;
            }
            i++;
        }
    }

    @Override // eu.emi.security.authn.x509.X509CertChainValidator
    public synchronized X509Certificate[] getTrustedIssuers() {
        return this.caStore.getTrustedCertificates();
    }

    protected boolean notifyListeners(ValidationError validationError) {
        synchronized (this.listeners) {
            Iterator<ValidationErrorListener> it = this.listeners.iterator();
            while (it.hasNext()) {
                if (it.next().onValidationError(validationError)) {
                    return true;
                }
            }
            return false;
        }
    }

    @Override // eu.emi.security.authn.x509.X509CertChainValidator
    public void addValidationListener(ValidationErrorListener validationErrorListener) {
        synchronized (this.listeners) {
            this.listeners.add(validationErrorListener);
        }
    }

    @Override // eu.emi.security.authn.x509.X509CertChainValidator
    public void removeValidationListener(ValidationErrorListener validationErrorListener) {
        synchronized (this.listeners) {
            this.listeners.remove(validationErrorListener);
        }
    }

    @Override // eu.emi.security.authn.x509.X509CertChainValidatorExt
    public synchronized ProxySupport getProxySupport() {
        return this.proxySupport;
    }

    @Override // eu.emi.security.authn.x509.X509CertChainValidatorExt
    public synchronized RevocationParameters getRevocationCheckingMode() {
        return this.revocationMode;
    }

    @Override // eu.emi.security.authn.x509.X509CertChainValidatorExt
    public synchronized void dispose() {
        this.disposed = true;
        this.crlStore.dispose();
        this.caStore.dispose();
    }

    @Override // eu.emi.security.authn.x509.X509CertChainValidator
    public void addUpdateListener(StoreUpdateListener storeUpdateListener) {
        this.crlStore.addUpdateListener(storeUpdateListener);
        this.caStore.addUpdateListener(storeUpdateListener);
    }

    @Override // eu.emi.security.authn.x509.X509CertChainValidator
    public void removeUpdateListener(StoreUpdateListener storeUpdateListener) {
        this.crlStore.removeUpdateListener(storeUpdateListener);
        this.caStore.removeUpdateListener(storeUpdateListener);
    }

    static {
        CertificateUtils.configureSecProvider();
    }
}
